java - SSL TCP connection on Android (with cert)
I'm new to the Android platform, coming from the .NET world. I need to write a TCP/SSL client class in my app to send/receive text messages to/from a Java server. I need to use the server's public certificate (.cer file) in the communication. In C# I have the SslStream class for this job, and a lot of examples for it. For Android (Lollipop) I cannot find examples on the subject without the HTTP protocol on top. Any hint is appreciated.
Below are basically the steps to create an SSL connection in Android:

Step 1: Get the public key of your server (the .cert file), which you already have.

Step 2: Create a keystore via the BouncyCastle jar, using the command below:

```
keytool -importcert -v -trustcacerts -file "path_to_cert/interm_ca.cer" -alias intermediateca -keystore "res/raw/mykeystore.bks" -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath "path_to_bouncycastle/bcprov-jdk16-145.jar" -storetype BKS -storepass mysecret
```
Verify that the certificates were imported correctly into the keystore:

```
keytool -list -keystore "res/raw/mykeystore.bks" -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath "path_to_bouncycastle/bcprov-jdk16-145.jar" -storetype BKS -storepass mysecret
```

It should output the whole chain:

```
rootca, 22.10.2010, trustedCertEntry, thumbprint (MD5): 24:77:d9:a8:91:d1:3b:fa:88:2d:c2:ff:f8:cd:33:93
intermediateca, 22.10.2010, trustedCertEntry, thumbprint (MD5): 98:0f:c3:f8:39:f7:d8:05:07:02:0d:e3:14:5b:29:43
```

Now you can copy the keystore as a raw resource into your Android app under res/raw/.
Step 3: Create the HttpsClient below and query your service with this client:

```java
import android.content.Context;
import java.io.InputStream;
import java.security.KeyStore;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.SingleClientConnManager;

public class HttpsClient extends DefaultHttpClient {
    final Context context;

    public HttpsClient(Context context) {
        this.context = context;
    }

    @Override
    protected ClientConnectionManager createClientConnectionManager() {
        SchemeRegistry registry = new SchemeRegistry();
        registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
        // Register for port 443 our SSLSocketFactory with our keystore
        // to the ConnectionManager
        registry.register(new Scheme("https", newSslSocketFactory(), 443));
        return new SingleClientConnManager(getParams(), registry);
    }

    private SSLSocketFactory newSslSocketFactory() {
        try {
            // Get an instance of the Bouncy Castle KeyStore format
            KeyStore trusted = KeyStore.getInstance("BKS");
            // Get the raw resource, which contains the keystore with
            // your trusted certificates (root and any intermediate certs)
            InputStream in = context.getResources().openRawResource(R.raw.mykeystore);
            try {
                // Initialize the keystore with the provided trusted certificates,
                // also providing the password of the keystore
                trusted.load(in, "mysecret".toCharArray());
            } finally {
                in.close();
            }
            // Pass the keystore to the SSLSocketFactory. The factory is
            // responsible for the verification of the server certificate.
            SSLSocketFactory sf = new SSLSocketFactory(trusted);
            // Hostname verification from the certificate: ALLOW_ALL accepts any
            // host name, so the certificate subject is not checked against the
            // server name you connect to
            sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
            return sf;
        } catch (Exception e) {
            throw new AssertionError(e);
        }
    }
}
```
The above case holds true for a connection over HTTP. If you need a connection without HTTP, the keystore procedure remains the same, but you need to use sockets to open and close the connection:

```java
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;

String keyStorePath = "absolute path to the JKS keystore file";
String keyStorePass = "keystore password";
System.setProperty("javax.net.ssl.keyStore", keyStorePath);
System.setProperty("javax.net.ssl.keyStorePassword", keyStorePass);
SSLServerSocketFactory sslServerSocketFactory =
        (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
SSLServerSocket serverSocket =
        (SSLServerSocket) sslServerSocketFactory.createServerSocket(PORT_NUMBER);
while (true) {
    // ClientThread is the per-connection handler class this snippet assumes
    new ClientThread((SSLSocket) serverSocket.accept()).start();
}
```
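As an added example (not part of the answer above), here is the client side of the non-HTTP case the question asks about: a plain TLS socket that trusts only the certificates in the BKS keystore built in step 2 and, unlike ALLOW_ALL_HOSTNAME_VERIFIER, checks that the certificate matches the host it connects to. The host name, port, one-line-per-message protocol and the name `SslTcpClient` are assumptions; `R.raw.mykeystore` refers to the app's own raw resource.

```java
import android.content.Context;
import java.io.*;
import java.security.KeyStore;
import javax.net.ssl.*;

public final class SslTcpClient {
    private final SSLSocketFactory factory;

    public SslTcpClient(Context context) throws Exception {
        // BKS keystore from the keytool command above; "mysecret" is its password
        KeyStore trusted = KeyStore.getInstance("BKS");
        try (InputStream in = context.getResources().openRawResource(R.raw.mykeystore)) {
            trusted.load(in, "mysecret".toCharArray());
        }
        // Trust managers that accept only chains anchored in our keystore,
        // not the device's default CA set
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trusted);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        factory = ctx.getSocketFactory();
    }

    /** Sends one text line and returns the server's one-line reply (assumed protocol). */
    public String sendLine(String host, int port, String line) throws IOException {
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        try {
            socket.startHandshake(); // the certificate chain is verified here
            // A raw SSLSocket does not check that the certificate belongs to
            // 'host'; reuse the HTTPS verifier so a valid certificate issued
            // for a different host is rejected
            HostnameVerifier hv = HttpsURLConnection.getDefaultHostnameVerifier();
            if (!hv.verify(host, socket.getSession())) {
                throw new SSLPeerUnverifiedException("certificate does not match " + host);
            }
            BufferedWriter out = new BufferedWriter(
                    new OutputStreamWriter(socket.getOutputStream(), "UTF-8"));
            BufferedReader in = new BufferedReader(
                    new InputStreamReader(socket.getInputStream(), "UTF-8"));
            out.write(line);
            out.newLine();
            out.flush();
            return in.readLine();
        } finally {
            socket.close();
        }
    }
}
```

Call `sendLine` from a background thread (for example an AsyncTask), since Android forbids network I/O on the main thread.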